Affecting org.codehaus.plexus:plexus-utils artifact, versions [,3.0.24)
org.codehaus.plexus:plexus-utils is a collection of various utility classes to ease working with strings, files, command lines, XML and more.
Affected versions of this package are vulnerable to XML Injection.
The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment method does not check whether its XML input includes a "-->" sequence, which ends an XML comment. This flaw could be abused so that text contained in the comment string is interpreted as XML rather than as part of the comment, possibly leading to XML injection issues.
Upgrade org.codehaus.plexus:plexus-utils to version 3.0.24 or higher.
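The following is an added illustration, not code from plexus-utils or from this advisory. It shows the general pattern: a comment writer that emits its text unchecked, next to one that rejects text that cannot legally appear in an XML comment. The class, the method names and the sample strings are hypothetical, and the rejection policy in `checkedComment` is an assumption, not a description of the library's fix.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class CommentInjectionDemo {

    // Unchecked pattern: the text is placed between the comment delimiters as-is.
    static String naiveComment(String text) {
        return "<!-- " + text + " -->";
    }

    // Checked pattern (assumed policy): the XML 1.0 grammar forbids "--" inside
    // a comment, which also covers "-->", so such text is rejected outright.
    static String checkedComment(String text) {
        if (text.contains("--")) {
            throw new IllegalArgumentException("text is not valid inside an XML comment");
        }
        return "<!-- " + text + " -->";
    }

    // Counts <role> elements in the parsed document; comment text contributes none.
    static int countRoleElements(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getElementsByTagName("role").getLength();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs for the comment text.
        String benign = "generated by build 42";
        String hostile = "note --><role>admin</role><!-- rest";

        // With the unchecked writer, the second document gains an element
        // that the application never intended to write.
        System.out.println(countRoleElements("<config>" + naiveComment(benign) + "</config>"));
        System.out.println(countRoleElements("<config>" + naiveComment(hostile) + "</config>"));

        // The checked writer refuses the same input before any XML is produced.
        try {
            checkedComment(hostile);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Applications that cannot upgrade immediately can apply a check of this kind to any externally influenced string before passing it to a comment-writing routine.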
- Florian Weimer
- Snyk ID
- 21 Sep, 2015
- 06 Sep, 2019